Modifying smartphone user locking behavior

Symposium On Usable Privacy and Security Pub Date : 2013-07-24 DOI:10.1145/2501604.2501614

D. V. Bruggen, Shu Liu, Mitchell D. Kajzer, A. Striegel, C. Crowell, J. D'Arcy

{"title":"Modifying smartphone user locking behavior","authors":"D. V. Bruggen, Shu Liu, Mitchell D. Kajzer, A. Striegel, C. Crowell, J. D'Arcy","doi":"10.1145/2501604.2501614","DOIUrl":null,"url":null,"abstract":"With an increasing number of organizations allowing personal smart phones onto their networks, considerable security risk is introduced. The security risk is exacerbated by the tremendous heterogeneity of the personal mobile devices and their respective installed pool of applications. Furthermore, by virtue of the devices not being owned by the organization, the ability to authoritatively enforce organizational security polices is challenging. As a result, a critical part of organizational security is the ability to drive user security behavior through either on-device mechanisms or security awareness programs. In this paper, we establish a baseline for user security behavior from a population of over one hundred fifty smart phone users. We then systematically evaluate the ability to drive behavioral change via messaging centered on morality, deterrence, and incentives. Our findings suggest that appeals to morality are most effective over time, whereas deterrence produces the most immediate reaction. Additionally, our findings show that while a significant portion of users are securing their devices without prior intervention, it is difficult to influence change in those who do not.","PeriodicalId":273244,"journal":{"name":"Symposium On Usable Privacy and Security","volume":"21 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-07-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"74","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Symposium On Usable Privacy and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2501604.2501614","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 74

Abstract

With an increasing number of organizations allowing personal smart phones onto their networks, considerable security risk is introduced. The security risk is exacerbated by the tremendous heterogeneity of the personal mobile devices and their respective installed pool of applications. Furthermore, by virtue of the devices not being owned by the organization, the ability to authoritatively enforce organizational security polices is challenging. As a result, a critical part of organizational security is the ability to drive user security behavior through either on-device mechanisms or security awareness programs. In this paper, we establish a baseline for user security behavior from a population of over one hundred fifty smart phone users. We then systematically evaluate the ability to drive behavioral change via messaging centered on morality, deterrence, and incentives. Our findings suggest that appeals to morality are most effective over time, whereas deterrence produces the most immediate reaction. Additionally, our findings show that while a significant portion of users are securing their devices without prior intervention, it is difficult to influence change in those who do not.

查看原文本刊更多论文

修改智能手机用户锁定行为

随着越来越多的组织允许个人智能手机进入他们的网络，引入了相当大的安全风险。个人移动设备及其各自安装的应用程序池的巨大异质性加剧了安全风险。此外，由于设备不属于组织所有，因此以权威方式执行组织安全策略的能力具有挑战性。因此，组织安全的一个关键部分是通过设备上机制或安全意识程序驱动用户安全行为的能力。在本文中，我们从150多名智能手机用户中建立了用户安全行为的基线。然后，我们系统地评估通过以道德、威慑和激励为中心的信息来推动行为改变的能力。我们的研究结果表明，随着时间的推移，诉诸道德是最有效的，而威慑则会产生最直接的反应。此外，我们的研究结果表明，虽然很大一部分用户在没有事先干预的情况下保护了他们的设备，但很难影响那些没有干预的用户的变化。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Symposium On Usable Privacy and Security

自引率

0.00%

发文量